Valve’s online distribution service Steam has been found to be vulnerable to hackers.

According to a report, the way in which browsers and other applications handle the “steam://” protocol URLs can be exploited.

This protocol is used for websites, such as the Steam Web Store. The problem is that hackers can abuse these commands remotely by tricking users into executing these commands through maliciously crafted steam:// URLs on various websites.

“All the browsers that execute external URL handlers directly without warnings and those based on the Mozilla engine (like Firefox and SeaMonkey) are a perfect vector to perform silent Steam Browser Protocol calls,” the researchers from ReVuln said.

“Additionally for browsers like Internet Explorer and Opera it’s still possible to hide the dodgy part of the URL from being shown in the warning message by adding several spaces into the steam:// URL itself.”

The security firm even put together a concept video, proving their claims:

Source: ComputerWorld

Related articles

Steam gets first non-game software

Indie Game Stand: “pay what you want” platform for indie devs

Black Mesa free Half-Life 1 conversion mod released

Steam Community launched by Valve

Erotic game “Seduce Me” booted-off Steam Greenlight

Steam’s Big Picture mode heads to your living room TV